Are we impacted by this vulnerability

anjanesh

https://nodejs.org/en/blog/vulnerability/mar-2022-security-releases/

"The OpenSSL project announced this week that they will be releasing versions 3.0.2 and 1.1.1n on the 15th of March 2022 between 1300-1700 UTC. The releases will fix two security defects that are labelled as “HIGH” severity under their security policy.

Node.js v12.x, v14.x and v16.x use OpenSSL v1.1.1 and Node.js v17.x uses OpenSSL v3. Therefore all active release lines are impacted by this update."

sean

anjanesh if you're using any of the versions of Node that you mentioned then you're impacted by the vulnerability.

Customers are responsible for maintaining the security of their installed applications. When the NodeJS project releases their updated versions then you should replace your Node app's "node" directory with the newer version. This applies to Ghost apps as well.